UFED Physical will soon add support for iPhone/iPad physical extraction and data decoding.

Once this is released, this would be the easiest and most complete solution for iPhone/iPad physical.

RonS

I've started a new thread for this discussion because, as usual, RonS is hijacking an otherwise useful post for blatant marketing messages about his own product.

Anyhow, let's get some substance on your post please.

What models and iOS versions will UFED be supporting for physical dump?
When are you releasing it?
Will it take the form of a bit-for-bit image or is it a "filesystem dump", given your product's history of confusing the two?
Will you be jailbreaking the device?
What footprint, if any, will be left in the image and device beyond jailbreaking?
Will you extract the system partition too?
Will you be able to decode all or partial data types?

Regarding chip-off, as part of the iPhone decoding, UFED PA supports the file system reconstruction from a chip-off (FTL implementation). This was tested with several versions (not all).

Regarding your other questions:
When the iPhone is encrypted on a hardware level, we bypass the encryption by performing a file system extraction of the entire data partition including ALL the files (without jail breaking and also when the device is password locked).
We also support the extraction of the encrypted partition, but as of now the result after file system reconstruction is encrypted files.

I am not aware of any solution at the moment (although we are researching this) that can decrypt the iPhone 4 encrypted dumps.

Sorry for the cross post but I see that this conversation has two threads:

Hi Ron S:

I appreciate your need to advertise your product but the chipoff process has value in areas that the Cellebrite kit can't help, even when it can read physical.

If the guy destroys his phone before or during the arrest, now you have an iPhone or cell phone that won't connect to the Cellebrite kit, where do you stand with that?

If the cell phone is not functioning for whatever reason, mechanically that is, how can Cellebrite help us?

If there is water damage or physical damage to the port needed to communicate with the iPhone, what does Cellebrite do with this?

My research was done to allow us to get the RAW data from iPhones and cell phones that have been presented to us in these conditions. If the required chip is still intact, then we are able to get the data.

I did not do all this work to infringe on the Cellebrite tool, I do this to further the ability of Police Officers and forensic examiners to get the user data from cell phones so we can put bad guys in jail.

I might add that this process is very simple and very "cost effective". (-:

I think that there is some misunderstanding of what I wrote.
I did not say at any point that chip off has no value.

On the contrary, we constantly perform chip-off for different platforms even before we conclude the R&D and are able to perform the physical extraction using the UFED.

We did this for Symbian, Blackberry, iPhone, LG, Samsung and many others.

We are doing this for 2 purposes:
1) Develop file system reconstruction and data decoding so that when our customers perform chip off they have a solution for decoding their data and at the stage we are able to perform the physical dump, we will already have the decoding ready.

As an example, when you perform the iPhone chip-off, you could decode your dump using UFED PA.

2) Validation that our UFED physical extraction gets all and the correct data.

Regarding chip-off being simple as a generic solution for physical extraction, I am not sure I agree, but it might be for specific models (like iPhone).